我有一个用户 bean,其中包含 userName、profileName、email 等字段。
我正在我的应用程序中实现 Spring Security。在登录表单中,我希望用户输入个人资料名称或电子邮件,他应该能够使用这两者登录。但似乎该配置仅适用于 userName。我正在使用 hibernate 从数据库中获取用户详细信息。
下面是我的代码
表单登录.jsp
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>Email/ProfileName</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
自定义 UserDetailsService 类中的 loadByUserName 方法
public UserDetails loadUserByUsername(String name)throws UsernameNotFoundException, DataAccessException
{
//returns the get(0) of the user list obtained from the db
User domainUser = userDAO.getUser(name);
logger.info("User fetched from database in loadUserByUsername method " + domainUser);
Set<Roles> roles = domainUser.getRole();
logger.info("roles of the user"+ roles);
Set<GrantedAuthority> authorities = new HashSet<>();
for(Roles role:roles) {
authorities.add(new SimpleGrantedAuthority(role.getRole()));
logger.info("role" +role+" role.getRole()"+(role.getRole()));
}
return new org.springframework.security.core.userdetails.User(
domainUser.getName(),
domainUser.getPassword(),
domainUser.isEnabled(),
domainUser.isAccountNonExpired(),
domainUser.isCredentialsNonExpired(),
domainUser.isAccountNonLocked(),
authorities);
}
从数据库查询
@SuppressWarnings("unchecked")
public User getUser(String name){
List<User> userList = new ArrayList<User>();
Query query = sessionFactory.getCurrentSession().createQuery("from User u where u.name = :name");
query.setParameter("name", name);
userList = query.list();
if (userList.size() > 0)
return userList.get(0);
else
return null;
}
有人能帮忙解决这个问题吗?
spring-security.xml
<http auto-config="true">
<intercept-url pattern="/forms/welcome*" access="ROLE_ADMIN" />
<!-- Below config will display the custom form for authentication -->
<form-login login-page="/forms/login" default-target-url="/forms/welcome"
authentication-failure-url="/forms/loginfailed" />
<logout logout-success-url="/forms/logout" />
<!-- <http-basic /> -->
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailService">
</authentication-provider>
</authentication-manager>